DETAILED ACTION

Claims 1-43 have been considered. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-43 are rejected under 35 U.S.C. 102(b) as being anticipated by Hughes (Hughes, J. 
"Combined DES-CBC, HMAC and Replay Prevention Security Transform". IPsec Working Group. June 
1996). 

As per claims 1-43, the applicant describes a method of processing messages comprising the 
following limitations which are met by Hughes: 

a) determining a largest nonce value yet seen from a nonce value of a received message (pages 
3-4 and 10-11); 

b) comparing a nonce value of a received message with said largest nonce value yet seen (pages 
3-4 and 10-11); 

c) comparing said nonce value to an acceptance window in response to said nonce value not 
exceeding said largest nonce value yet seen (pages 3-4 and 10-11); 

d) rejecting said received message in response to said nonce value falling outside said 
acceptance window (pages 3-4 and 10-11); 

Hughes discloses the idea of a sliding acceptance window to allow a receiver to accept out-of-order
nonce values while preventing replay attacks (pages 3-4). Appendix A (pages 10-11) illustrates the
procedure, and the examiner has numbered lines of the code for referencing. The method first
determines if a received sequence number is larger than the stored largest nonce value (line 2) (parts a
and b). If the received sequence number is larger than the stored largest nonce value, the method 
checks to make sure that the received sequence number is not excessively larger (line 4), sets a bit to 
indicate the particular sequence number has been received (line 5), and sets the received sequence 
number as the stored largest nonce value seen (line 7). 

If the received sequence number is not larger than the stored largest nonce value, the method 
compares the received sequence number to an acceptance window (line 10)(part c) and rejects the 
message if the received sequence number is too old (line 11)(part d). The method also includes a replay 
mask to make sure the received sequence number has not been seen even if it is within the acceptance 
window (lines 12-13). 
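
The receive-side check described above, written out as an added C example; it is not Hughes's Appendix A code and not part of the Office action. The 32-bit window width, all names, and resetting the mask when a value jumps past the window are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW_BITS 32u /* assumed window width; the page does not state one */
enum replay_verdict { ACCEPT, REJECT_TOO_OLD, REJECT_REPLAY };
struct replay_state {
    uint32_t largest; /* largest nonce (sequence number) yet seen */
    uint32_t mask;    /* replay mask: bit i set => (largest - i) was seen */
};

/* Call only after the message's integrity check has passed, so that a
 * forged packet cannot advance the window. Assumes no counter wraparound. */
enum replay_verdict replay_check(struct replay_state *st, uint32_t seq)
{
    if (seq > st->largest) {                 /* parts a, b: new largest */
        uint32_t ahead = seq - st->largest;
        if (ahead < WINDOW_BITS)
            st->mask = (st->mask << ahead) | 1u; /* slide window forward */
        else
            st->mask = 1u;                   /* jumped past window: old bits expire */
        st->largest = seq;
        return ACCEPT;
    }
    uint32_t behind = st->largest - seq;
    if (behind >= WINDOW_BITS)
        return REJECT_TOO_OLD;               /* parts c, d: outside window */
    if (st->mask & (1u << behind))
        return REJECT_REPLAY;                /* inside window but already seen */
    st->mask |= 1u << behind;                /* mark as seen */
    return ACCEPT;
}

/* Runs a sequence of arrivals through a fresh state, one verdict per input. */
void replay_run(const uint32_t *seqs, int n, enum replay_verdict *out)
{
    struct replay_state st = {0, 0};
    for (int i = 0; i < n; i++)
        out[i] = replay_check(&st, seqs[i]);
}

int main(void)
{
    const uint32_t seqs[] = {1, 3, 2, 3, 40, 9, 8}; /* constructed arrivals */
    enum replay_verdict out[7];
    replay_run(seqs, 7, out);
    for (int i = 0; i < 7; i++)
        printf("%u -> %d\n", (unsigned)seqs[i], (int)out[i]);
    return 0;
}
```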

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier, U.S. 
Patent No. 5,970,143.

As per claims 1,10, and 19, the applicant describes a method of processing messages 
comprising the following limitations which are met by Schneier: 

a) determining a largest nonce value yet seen from a nonce value of a received message (Col 16, 
lines 9-16); 

b) comparing a nonce value of a received message with a largest nonce value yet seen (Col 16, 
lines 9-16); 

c) comparing said nonce value to an acceptance window in response to said nonce value not
exceeding said largest nonce value yet seen (Col 16, lines 17-32); 

d) rejecting said received message in response to said nonce value falling outside said 
acceptance window (Col 16, lines 17-32); 

Schneier discloses all the limitations of the above claim. However, Schneier discloses limitations 
a and b in one embodiment where sequence numbers are checked and limitations c and d in a second 
embodiment where a timestamp is checked to make sure the message is within an acceptable time 
window. 

Combining the two embodiments would mean that a message is first checked against the stored 
largest nonce value yet seen to make sure the newly-received sequence number is one larger. If the 
newly-received sequence number is one larger it can be accepted as fresh. If the newly-received 
sequence number does not exceed the largest nonce value yet seen, it is then checked against an 
acceptance window by the timestamping operation and rejected if it fails this test. 

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to 
combine the two embodiments together because doing so allows old messages which are valid to be 
allowed if they are within a certain time window. This makes the system more robust because it is now 
able to allow out-of-order messages received within a certain time window. 

As per claim 28, the applicant describes a system for processing messages in a peer-to-peer 
configuration comprising the following limitations: 

a) a first peer configured to provide secure communication (14 of Fig 2); 

b) a second peer configured to provide said secure communication (12 of Fig 2); 

c) a secure communication module configured to be executed by said first peer and second peer, 
wherein said secure communication module is configured to: 

i) determine a largest nonce value yet seen from a nonce value of a received message 
(Col 16, lines 9-16); 

ii) compare said nonce value to a filter in response to a nonce value of a received packet
not exceeding a largest nonce value yet seen (Col 16, lines 24-32);

iii) compare said nonce value to a replay mask (Col 16, lines 24-32);

iv) accept said received packet in response to said comparison of said nonce value and 
said replay mask being false (Col 16, lines 24-32); 

The filter is the acceptance window and is comprised of a time limit of acceptance and unexpired
messages within that time limit of acceptance which are replay masks to prevent the same nonce from 
being sent twice. If the nonce is not the largest nonce value yet seen and the time associated with the 
nonce is within a certain acceptable time limit, it is compared to unexpired messages within the time limit 
and accepted if the nonce value is not equal to a replay mask value already received. 

As per claim 36, the applicant describes an interceptor device for processing messages 
comprising the following limitations: 

a) a network interface (20 of Fig 2; Col 11, lines 56-58);

b) an expected sequence register configured to enumerate an expected sequence number of a 
packet received from a second network device (Col 16, lines 9-16); 

c) a memory configured to store a replay mask (Col 16, lines 24-32); 

d) a controller, wherein said controller is configured to: 

i) determine a largest nonce value yet seen from a nonce value of a received message 
(Col 16, lines 9-16); 

ii) compare said nonce value to a filter in response to a sequence number of a received 
packet via said network interface does not exceed a largest sequence number yet seen retrieved 
from said expected sequence register (Col 16, lines 24-32); 

iii) compare said sequence number to said replay mask retrieved from said memory (Col
16, lines 24-32);

iv) accept said received packet in response to said comparison of said sequence number 
and said replay mask is false (Col 16, lines 24-32); 

As per claims 2,3,11,13,20,21,29, and 37, the applicant discloses the method of claims
1,10,19,28, and 36, which are met by Schneier (see above), further comprising the following limitation 
which is also met by Schneier: 

Designating said nonce value as a nonce value seen in response to said nonce value exceeding 
said largest nonce value yet seen (Col 16, lines 9-16); 

As disclosed by Schneier, "The central computer stores the most recent sequence number in 
memory" (Col 16, lines 13-14). 

As per claims 4,12,22,30, and 38, the applicant discloses the method of claims 1,10,19,28, and 
36, which are met by Schneier (see above), further comprising the following limitation which is also met 
by Schneier: 

Adjusting an acceptance window based on said nonce value in response to said nonce value 
exceeding said largest nonce value yet seen (Col 16, lines 24-32); 

The acceptance window is a log of nonces which have been received within a prescribed amount 
of time. The acceptance window is used to determine a replay attack through two methods: 1) if the 
nonce received has a time earlier than the acceptance window allows and 2) if the nonce received has 
already been received and is stored in the acceptance window. 

If the nonce received has a value exceeding the largest nonce value yet seen and is accepted as 
a valid nonce, it is stored in the database of nonces received. The acceptance window is adjusted 
because the acceptance window will no longer allow the nonce that has just been placed in it. 

As per claims 5,7,14,16,23,25,32,34,40, and 42, the applicant describes the method of claim 
1,6,10,16,19,24,28,33,36, and 41, which are met by Schneier (see above), with the following limitation 
which is also met by Schneier: 

Designating said received message as a replay attack (Col 16, lines 17-32); 

If the acceptance window determines that a message either 1) has a time earlier than the
acceptance window allows or 2) has a nonce which has already been received and stored in the 
acceptance window, the message is determined to not be fresh. If a message is not fresh, it is a replay 
attack. 

As per claims 6,8,15,17,24,26,33, and 41, the applicant describes the method of claims 
1,10,19,28, and 36, which are met by Schneier (see above), with the following limitation which is also met 
by Schneier: 

a) comparing said nonce value to a window mask value in response to said nonce value falling 
within said acceptance window (Col 16, lines 24-32); 

b) rejecting said received message in response to an outcome of said comparison of said nonce 
value to said window mask value being true (Col 16, lines 24-32); 

If the nonce value has a time which falls within the acceptance window, it is compared to window 
mask values to determine if the nonce has already been used. If the nonce value has already been used, 
the message is rejected. If the nonce has not already been used, the message is accepted. 

As per claims 9,18, and 27, the applicant describes the method of claims 8,17, and 26, which are 
met by Schneier (see above), with the following limitation which is also met by Schneier: 

Designating said nonce value as a nonce value seen (Col 16, lines 24-32); 

As disclosed by Schneier, "The central computer maintains a database of all random numbers 
received from the game computers" (Col 16, lines 26-27). 

As per claims 31 and 39, the applicant describes the system according to claims 28 and 36, 
which are met by Schneier (see above), with the following limitation which is also met by Schneier: 

Wherein said secure communication module is further configured to reject said received packet in 
response to said nonce value falling outside said filter (Col 16, lines 17-32); 

The nonce value falls outside a filter and is rejected as a replay attack if the nonce's associated
time is prior to the acceptable time of the filter. 

As per claims 35 and 43, the applicant describes the system according to claims 28 and 36,
which are met by Schneier (see above), with the following limitation which is also met by Schneier: 

Wherein said secure communication module is further configured to reject said received packet in 
response to said nonce value fails to fall within said filter and said secure communication module is 
further configured to designate said received packet as part of a replay attack (Col 16, lines 17-32). 

Response to Arguments 

Applicant's arguments, see Remarks filed 5/26/05, with respect to claim 1 and Schneier not 
disclosing determining a largest nonce value yet seen have been fully considered but they are not 
persuasive. Schneier discloses a system where a sequence number is received. It is compared with the 
stored largest sequence number yet seen, and if the sequence number is one greater the message is 
accepted as fresh and the newly-received sequence number is now set as the largest sequence number 
yet seen. In this system, determining the largest sequence number yet seen is necessary in order to 
compare it to the newly-received sequence number to make sure the newly-received sequence number is 
one greater. 

Applicant's arguments with respect to claim 1 and Schneier disclosing two separate embodiments 
for replay attacks which have been combined in the rejection for claim 1 have been fully considered and 
are persuasive. The examiner agrees that Schneier discloses a first embodiment (Col 16, lines 9-16) and 
a second embodiment (Col 16, lines 17-32). Therefore, the rejection under 102(b) has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made in view of 103(a). Combining 
the two embodiments would be obvious because doing so allows a message to be accepted as fresh if it 
is out of order but still within a certain time window. 

Conclusion



Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 8:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 